Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0
CVE-2023-48432 · Severity
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.
Learn more about our Web App Pen Testing.